home

apnhotfix.exe

Torpedo Application

APN LLC

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application apnhotfix.exe, “Utility to cleanup application(s) when uninstallation fails.” by APN has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer. While running, it connects to the Internet address 74.113.233.187.df.iaccap.com on port 80 using the HTTP protocol.
Publisher:
IAC Applications  (signed by APN LLC)

Product:
Torpedo Application

Description:
Utility to cleanup application(s) when uninstallation fails.

Version:
2. 1. 0. 1

MD5:
edccdfa2566a21f712719be58dfb2166

SHA-1:
f03399d2f118fd8823f927495ef9f14134efed5e

SHA-256:
197a5e88f41111a806c30db0c9adf97820c66d04d9b54ca4c8f0882117cb41e6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/18/2024 5:41:36 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.1.30.23

File size:
130.3 KB (133,432 bytes)

Product version:
2. 1. 0. 1

Copyright:
Copyright © 2017 IAC Applications. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\windows\temp\apnhotfix.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
1/27/2017 9:00:00 PM

Valid to:
5/30/2018 8:59:59 PM

Subject:
CN=APN LLC, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
76997BE0BEDD94B560401FBF6D0AC37F

File PE Metadata
Compilation timestamp:
1/18/2017 8:44:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x7F70

Entry point:
E8, 62, 59, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, F0, 41, 00, 00, 74, 05, E9, 18, 5A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B...
 
[+]

Code size:
85.5 KB (87,552 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 74.113.233.187.df.iaccap.com  (74.113.233.187:80)

TCP (HTTP):
Connects to ec2-52-76-130-169.ap-southeast-1.compute.amazonaws.com  (52.76.130.169:80)

TCP (HTTP):
Connects to 74.113.237.189.lv.iaccap.com  (74.113.237.189:80)

Remove apnhotfix.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.